Set up webhooks

Set up event-based notifications to let third-party apps subscribe to key events in the SecureAuth CIAM platform, like Open Banking consents or data access requests. Developers can also use the Webhook CRUD APIs.

Create a webhook for event-based notifications

  1. In the target workspace, from the left sidebar, go to Extensions > Webhooks.

  2. Click Create Webhook and provide the following details:

    URL

    The endpoint to send notifications to (for example, a logging endpoint).

    Subscribed events

    Choose the events that will trigger the notification. Events depend on the workspace type.

  3. Click Create to confirm. When prompted, copy the API key.

    The API key is sent with outbound SecureAuth requests, so the target server can use it to verify that a request comes from this webhook.

    Result: The webhook is now active, and event-based notifications will trigger in this workspace.

    To disable certificate validation for SecureAuth requests, enable Developer mode.

Hardening

Each webhook invocation includes an X-API-Key HTTP header that carries the unique Webhook API Key provided in the previous section. Configure your logging solution to validate this key and accept only requests with the correct value.

Here’s an example of a minimal Nginx server that performs this check:

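server {
    # Plain HTTP listener: terminate TLS in front of it so the key is not sent in cleartext.
    listen 80;
    server_name <public url of the logging solution>;

    location / {
        # $http_x_api_key holds the value of the X-API-Key request header.
        # Reject the request unless it matches the webhook API key exactly.
        if ($http_x_api_key != '<webhook api key>') {
            return 403;
        }

        # Only requests that passed the check are forwarded to the backend.
        proxy_pass http://<backend url of the logging solution>;
    }
}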

This ensures that only authorized webhook requests reach your logging solution.
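
The same check can also be enforced inside the receiving service. The following Python receiver is an added example, not SecureAuth code: it rejects requests with a missing or duplicated X-API-Key header, fails closed when no key is configured, and compares the key in constant time. The names WEBHOOK_API_KEY, MAX_BODY, is_authorized and WebhookHandler, and the 127.0.0.1:8080 listener, are assumptions made for the example.

```python
import hmac
import os
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: the key copied when the webhook was created is supplied
# through this environment variable rather than hard-coded.
EXPECTED_KEY = os.environ.get("WEBHOOK_API_KEY", "")
MAX_BODY = 1 << 20  # assumed 1 MiB cap on notification size


def is_authorized(header_values, expected_key):
    """True only if exactly one X-API-Key value is present and it matches."""
    if not expected_key:         # receiver not configured: fail closed
        return False
    if len(header_values) != 1:  # header missing or sent more than once
        return False
    # Constant-time comparison so response timing does not reveal
    # how much of a guessed key was correct.
    return hmac.compare_digest(header_values[0].encode(), expected_key.encode())


class WebhookHandler(BaseHTTPRequestHandler):
    def _reply(self, status):
        self.send_response(status)
        self.end_headers()

    def do_POST(self):
        # Authenticate before reading or parsing the request body.
        if not is_authorized(self.headers.get_all("X-API-Key") or [], EXPECTED_KEY):
            return self._reply(403)
        try:
            length = int(self.headers.get("Content-Length", "0"))
        except ValueError:
            return self._reply(400)
        if not 0 <= length <= MAX_BODY:
            return self._reply(400)
        event = self.rfile.read(length)  # hand `event` to the logging pipeline here
        self._reply(204)

    def log_message(self, fmt, *args):
        pass  # keep the default access log off; never write the key to logs


if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), WebhookHandler).serve_forever()
```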